This guide is aimed at absolute beginners. If you are a pro, you will not benefit much from it. However, that shouldn't prevent you from reading it. Perhaps you will learn something new.

Password security is one of the main concerns of computer users. People use passwords for everything: logging in to the computer, using e-mail, accessing online bank accounts and forums.

A simple username-password pair is one of the most common schemes of authentication, i.e. it helps to verify your identity. It's such a simple scheme that every computer user is prone to identity theft, i.e. if someone gets hold of your password then they can easily access your accounts.

In this document I'll try to teach you some methods to make strong and secure passwords. While teaching methods to effectively secure your passwords, I'll also try to discuss some (read: not all) of the ways in which they are cracked or stolen.

Passwords can be of the following types:
1: All letters
2: All numbers
3: All special characters
4: Combination of letters and numbers
5: Combination of numbers and special characters
6: Combination of letters and special characters
7: Combination of letters, numbers and special characters
8: Another category, which is actually a sub-category of letters and is used in this forum: a combination of uppercase and lowercase letters along with numbers and special characters.

The most common ways in which passwords can be stolen are:
A: Dictionary attack
B: Brute force attack
C: Hybrid attack
D: Password guessing
E: Keylogging

PASSWORD GUESSING
Password guessing is simply when an attacker tries to guess your password. Most users make the mistake of using their D.O.B., their family members' names, their phone number or other personal info as passwords. The attacker knows all of this and tries to guess your password. It seems easy but is very effective against weak passwords.

DICTIONARY ATTACK
Dictionary Attack uses a dictionary. Password Crackers will try every word from the dictionary as a password. A good dictionary (also known as a word list) is more than just a dictionary, e.g. you will not find the word "qwerty" in the ordinary dictionary but it will surely be included in a good word list. Indeed, this combination of characters is commonly used as a password. (Definition borrowed from lastbit.com)

BRUTE FORCE ATTACK
Brute Force Attack is the most widely known password cracking method. This attack simply tries to use every possible character combination as a password. To recover a one-character password it is enough to try 26 combinations (‘a’ to ‘z’). (Definition borrowed from lastbit.com)

HYBRID ATTACK
In this case, the password cracker checks all words in the dictionary along with their variations. These can be, for example, the same words with different digits appended to them. (Definition borrowed from lastbit.com)

KEYLOGGING
A keylogger is software or hardware that records every keystroke that a user types on the keyboard.

Now let's discuss some methods of securing your passwords:

A: Never use personal info like your name, D.O.B. etc. as passwords. The attacker knows all of this, and password guessing is usually the first step he would perform. Furthermore, a simple name can be easily brute forced.

B: Never use common words like starwars, dexter etc. as your passwords. The dictionaries used in a dictionary attack are wiser than you think.

C: A good password should be a combination of letters, numbers and special characters. You can go further and use a combination of uppercase and lowercase letters, numbers and special characters. This makes it very difficult to brute force. To get an idea of how much time it takes to brute force a password, read this: http://lastbit.com/rm_bruteforce.asp

D: A good password should have at least 8 characters to make it very difficult to brute force, as you read above.

E: To protect yourself from keyloggers, read my guide on how to protect your computer (I'll be posting it in some days). You can also use an anti-keylogger. ZEMANA ANTILOGGER is a good anti-keylogger.

F: Make it a policy to change your passwords regularly, like every fortnight or every month. This gives the attacker less time to crack your passwords.

G: Some people make the mistake of writing their passwords on random pieces of paper and leaving them on their desk etc. Never do this. Anyone can get hold of your passwords and access your accounts.
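Rules A to D above can be checked automatically. The following is an added example, not part of the original guide: a small Python checker that flags personal info, dictionary and hybrid-style passwords, missing character classes and short length, and counts the combinations a brute force attack would have to cover. The word list, the sample passwords and the character pool sizes are assumptions made for illustration.

```python
import re

# Constructed sample word list; real cracking word lists hold millions of entries.
WORDLIST = {"qwerty", "starwars", "dexter", "password", "letmein"}

# (pattern, pool size) per character class; 33 = 32 ASCII punctuation marks plus space.
CLASSES = {
    "lower": (re.compile(r"[a-z]"), 26),
    "upper": (re.compile(r"[A-Z]"), 26),
    "digit": (re.compile(r"[0-9]"), 10),
    "special": (re.compile(r"[^a-zA-Z0-9]"), 33),
}

def used_classes(password):
    """Names of the character classes that appear in the password."""
    return {name for name, (pattern, _) in CLASSES.items() if pattern.search(password)}

def keyspace(password):
    """Candidates a brute force attack must cover for this length and character mix."""
    pool = sum(CLASSES[name][1] for name in used_classes(password))
    return pool ** len(password)

def dictionary_hit(password):
    """True for a word-list entry, or an entry with digits appended (hybrid attack)."""
    return password.lower().rstrip("0123456789") in WORDLIST

def audit(password, personal_info=()):
    """Return the rules from the list above (A to D) that the password breaks."""
    problems = []
    if any(item.lower() in password.lower() for item in personal_info if item):
        problems.append("A: contains personal info")
    if dictionary_hit(password):
        problems.append("B: dictionary word, possibly with digits appended")
    used = used_classes(password)
    if not ({"digit", "special"} <= used and used & {"lower", "upper"}):
        problems.append("C: needs letters, numbers and special characters")
    if len(password) < 8:
        problems.append("D: shorter than 8 characters")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ["qwerty", "Starwars2024", "xen1990!", "N7#kv!2pQz"]:
        print(f"{pw!r}: keyspace {keyspace(pw):.2e}, problems: {audit(pw, ['xen'])}")
```

A password that passes these checks can still be weak if it appears in a larger word list than the sample one used here.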

There are several tested ways to make secure passwords. I discuss some of them here.

A: Phrase alter rule
I just came up with this name to explain the method, so you won't hear the name anywhere else, but you will stumble upon the method itself very often. Suppose you take the first two lines of a Christmas song, or any other song you want (Enrique's my favorite):

Jingle Bell Jingle Bell Jingle All The Way

Take the first letter of each word and write it in capitals:
JBJBJATW

Now change every second letter to lowercase:
JbJbJaTw

Now use 6 for every b and @ for a.

Therefore your new password is:
J6J6@Tw

Simple, isn't it?

B: Phrase alter plus rule
This is just my modified version of the phrase alter rule. Instead of using songs, I use a common word and the name of the application for which I want to use the password. So suppose I want to make a password for Linux. I would use my username (Xen in this case) and Linux and come up with a string:
XEN_LINUX

This string already has a special character ( _ ) but that's not enough. I'll again change every second letter to lowercase.

XeN_lInUx

Now every vowel is changed to @ and any one of the letters is converted to a number (in this case I change l to 1). Therefore the new password is:
XeN_1@n@x

This is nothing but an example to give you an idea of how you can change the Phrase Alter Rule to suit your own needs.

C: Long phrase rule
It's the easiest rule. No special characters or numbers are required. All you have to do is use a very long phrase as your password. So I choose:
When in rome do as the romans do

The length of the string makes it very difficult to crack and it's very easy to remember.